Claims 

1. A multi-port network communication device including:

a plurality of ports for the reception and transmission of addressed data packets which 
include media access control address data; 

a forwarding mechanism for directing packets received at any of said plurality of ports to 
at least one of the plurality of ports; 

a memory for the selectively controllable storage of permitted media access control 
addresses; and

means for restricting forwarding of packets from the device in response to an examination 
of media access control data in said packets and said permitted media access control 
addresses; 

wherein said means for restricting prevents the forwarding of a unicast packet having a 
source address and a destination address when neither of those addresses in the unicast 
packet corresponds to a permitted media access control address, said device including 
means for comparing both the source address and the destination address of said unicast 
packet with said permitted media access control addresses. 

2. A device according to claim 1 wherein said means for restricting prevents the 
forwarding of multicast and/or broadcast packets to ports which are not connected to 
devices having permitted media access control addresses, 

said device being operative to provide a list of ports which are connected to devices 
having permitted media access control addresses and said forwarding mechanism 
including a port mask generator for producing a port mask that identifies a port which is 
both a port to which a packet may be forwarded according to media access control data in
the packet and a port in said list.



3. A multi-port network switch including: 

a plurality of ports for the reception and transmission of addressed data packets which 
include media access control source and destination address data; 



a forwarding database relating media access control addresses to said ports; 

a forwarding mechanism for directing, in response to media access control destination 
address data in a received packet and in cooperation with said forwarding database, said 
received packet to at least one of the plurality of ports; 

a memory for the selectively controllable storage of permitted media access control
addresses; and

means for restricting forwarding of packets from the device in response to an examination 
of media access control data in said packets and said permitted media access control 
addresses;



wherein said means for restricting prevents the forwarding of said received packet when 
said packet is a received unicast packet having a source address and a destination address 
when neither of those addresses in the received unicast packet corresponds to a permitted 
media access control address, said device including means for comparing both the source
address and the destination address of said received unicast packet with said permitted
media access control addresses. 

4. A switch according to claim 3 wherein said means for restricting prevents the 
forwarding of multicast and/or broadcast packets to ports which are not connected to
devices having permitted media access control addresses,

said switch including:

a cache containing a list of ports which are connected to devices having permitted media
access control addresses; and

a port mask generator for producing a port mask that identifies a port which is both a port 
to which a packet may be forwarded according to media access control data in the packet 
and a port in said list. 
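
An added illustration, not part of the patent text, of the filtering logic recited in claims 1 to 4: a unicast packet is dropped when neither its source nor its destination address is permitted, and the multicast/broadcast port mask is intersected with the list of ports connected to permitted devices. The class and method names, the sample addresses, source-address learning and the flooding of unknown unicast are assumptions made for the sketch.

```python
# Added illustration of the claimed filtering; names and addresses are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class RestrictedSwitch:
    def __init__(self, num_ports, permitted_macs):
        self.num_ports = num_ports
        self.permitted = {m.lower() for m in permitted_macs}  # permitted-address memory
        self.fdb = {}             # forwarding database: MAC -> port
        self.permitted_ports = 0  # bit list of ports connected to permitted devices

    @staticmethod
    def is_group(mac):
        # Multicast and broadcast addresses have the low bit of the first octet set.
        return bool(int(mac.split(":")[0], 16) & 1)

    def forward(self, in_port, src, dst):
        """Return the egress port mask (bit n = port n); 0 means the packet is dropped."""
        src, dst = src.lower(), dst.lower()
        self.fdb[src] = in_port  # assumption: ordinary source-address learning
        if src in self.permitted:
            self.permitted_ports |= 1 << in_port
        candidates = ((1 << self.num_ports) - 1) & ~(1 << in_port)
        if self.is_group(dst):
            # Claims 2 and 4: keep only ports that are both candidates and in the list.
            return candidates & self.permitted_ports
        # Claims 1 and 3: compare both addresses; drop when neither is permitted.
        if src not in self.permitted and dst not in self.permitted:
            return 0
        if dst in self.fdb:
            return (1 << self.fdb[dst]) & candidates
        return candidates  # assumption: unknown permitted unicast is flooded

if __name__ == "__main__":
    SERVER, A, B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    sw = RestrictedSwitch(4, [SERVER])
    for pkt in [(0, SERVER, BROADCAST), (1, A, BROADCAST), (2, B, A),
                (1, A, SERVER), (0, SERVER, B), (1, A, B)]:
        print(pkt, "->", format(sw.forward(*pkt), "04b"))
```

With one permitted address on port 0, traffic between the two non-permitted stations is dropped while each can still exchange packets with the permitted device.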



